07-10-2008, 12:37 AM   #12
amateur
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Jun 2006
Location: USA
Posts: 7,318
OS: XP SP3


Re: Winspyware Hijacks my desktop and screen saver

Hi,

Thanks for the screenshots. It appears that those tools were able to clean most of the infection.
Quote:
also screen shots of the list of things that Avant found since this started
I guess you mean Avast.

Quote:
C:\WINDOWS\Downloaded Program Files\WONWebLauncherControl.ocx

Not finding that file exactly as you posted it

There is this file in that folder
WONWebLauncher Class
Quote:
I have a question or two. The WonWebLauncher is I believe how I get to a web site the old Hoyle site to play cards... been playing cards there for 10 years. The Hoyle CD has been discontinued and the site certificate is out of date. I have to roll my system clock back to 2005 in order to get in the rooms there. Back in the day WON used to have ads that ran across the tops of the rooms but that is not the case any longer. It does install some things but I haven't seen an ad since Cases Ladder started running the site a couple of years ago.
WONWebLauncherControl.ocx was reported by Kaspersky as adware.

Quote:
C:\WINDOWS\Downloaded Program Files\WONWebLauncherControl.ocx Infected: not-a-virus:AdWare.Win32.IWon.c skipped
So, it's up to you to keep or delete WONWebLauncherControl class.

=============================

Quote:
Privacy Protection was listed under Web tab and I unticked it. That's all that was there
That was the cause of the white background and it was caused by malware. Did you restart your computer afterwards?

=============================

You can go ahead and delete the fixreg.reg file from your desktop now.

=============================
Quote:
Also could you tell me what was causing that ScreenSaver tab to disappear on the Display screen?
Also caused by malware which you seemed to have downloaded while downloading some games. I don't know where you downloaded them from but most likely via p2p file sharing programs. I would like to take this opportunity to warn you that the nature of P2P filesharing is such that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. Also by default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple: file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft.
I recommend very strongly that you remove any file sharing program you may have from your system via Add/Remove Programs in Control Panel.

==============================

You either didn't run the Symantec Removal tool or the tool didn't remove the leftovers. Please do the following, one at a time, to remove those remnants:

Go to Start > Run. Copy/Paste the text in blue, including the quote marks where present:

sc stop "Automatic LiveUpdate Scheduler" and then click OK
sc stop LiveUpdate and then click OK
sc stop SNDSrvc and then click OK

sc delete SNDSrvc and then click OK
sc delete LiveUpdate and then click OK
sc delete "Automatic LiveUpdate Scheduler" and then click OK

=============================

In my last fix I missed one bad registry entry that was disabled via msconfig.

Open notepad. It must be notepad, not wordpad.
Copy and paste the text inside the code box below into notepad, including the blank line at the end. Make sure that wordwrap is turned off in notepad - click the format menu and uncheck wordwrap.
Choose file save as and set file type to all files.
Type amendreg.reg in the file name and save it to your desktop. It should look like this:

Quote:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSpywareProtect]

[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Close notepad. Make sure that all windows are closed.

Find the amendreg.reg file on your desktop.
Double click it.
It will then ask if you want the file merged to your registry.
Answer yes.

================================

Reboot your computer. (it's important)

================================

Post a fresh HijackThis log please.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006